Security update for plasma5-workspace (important)

ID OPENSUSE-SU-2018:0398-1
Type suse
Reporter Suse
Modified 2018-02-08T12:18:05


This update for plasma5-workspace fixes security issues and bugs.

The following vulnerabilities were fixed:

  • CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma, allowing for client IP discovery (boo#1079429)
  • CVE-2018-6791: A specially crafted file system label may have allowed execution of arbitrary code (boo#1079751)

The following bugs were fixed:

  • Plasma could freeze with certain notifications (boo#1013550)